Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

searching through firewall rules?

I have inherited a fortigate and I am trying to find a nice, clean way to list firewall rules that apply to a network address (or any hosts therein). There are A LOT of rules currently, so doing it manually would probably take a few days. Is there some method to essentially grep through rules that would be applied to a host within (say) 10.1.2.0/24 ?
2 replies
rwpatterson
Valued Contributor III

Welcome to the forums. The only way that comes to mind (for me) would be to make a backup in clear text (no password). First scan for the IP address. That will provide you the address name. Then scan for that name again through the config. Each policy should then be shown by number with each hit. If the address name is in a group, then you'll have to scan through again with that group name as well. Hope that helps.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

abelio
SuperUser

Hello, there's another additional approach.

The easy way: you could use the embedded filter feature for searching within the GUI; if you know the object's name you could do searches using filters for source, destination, whatever. Example: attached figure.

The advanced or more complicated way: use the CLI diagnose command `diagnose checkused <path.object.mkey> <tablename>`, e.g.: `diag sys checkused firewall.vip:name <VIP-NAME>`

The "grep" command became available in FortiOS 4.2, thanks to God...

regards,

regards / Abel
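Bob's clear-text backup scan and Abel's "where is this object used" question can both be answered offline with a small script. The example below is added here and is not code from this thread or from Fortinet: it parses the `config firewall address`, `config firewall addrgrp` and `config firewall policy` sections of a FortiOS text backup, finds every address object whose subnet or IP range overlaps the prefix you ask about, walks up through any (nested) address groups that contain those objects, and lists the policies that reference them as source or destination. The config text is a constructed sample and the function names are mine.

```python
"""Offline search of a FortiGate text backup for policies covering a prefix."""
import ipaddress
import shlex
import sys

# Constructed sample of a FortiOS text backup (not from any real device).
SAMPLE_CONFIG = """\
config firewall address
    edit "LAN-10.1.2.0"
        set subnet 10.1.2.0 255.255.255.0
    next
    edit "Host-10.1.2.50"
        set subnet 10.1.2.50 255.255.255.255
    next
    edit "Range-10.1.2.10-20"
        set type iprange
        set start-ip 10.1.2.10
        set end-ip 10.1.2.20
    next
    edit "Other-10.9.9.0"
        set subnet 10.9.9.0 255.255.255.0
    next
    edit "all"
        set subnet 0.0.0.0 0.0.0.0
    next
end
config firewall addrgrp
    edit "Internal-Nets"
        set member "LAN-10.1.2.0" "Other-10.9.9.0"
    next
    edit "Everything-Internal"
        set member "Internal-Nets"
    next
end
config firewall policy
    edit 1
        set srcaddr "Everything-Internal"
        set dstaddr "all"
        set action accept
    next
    edit 2
        set srcaddr "all"
        set dstaddr "Host-10.1.2.50"
        set action accept
    next
    edit 3
        set srcaddr "Other-10.9.9.0"
        set dstaddr "all"
        set action deny
    next
end
"""

WANTED = ("firewall address", "firewall addrgrp", "firewall policy")


def parse_fortios(text):
    """Turn config/edit/set/next/end blocks into {section: {name: {setting: [values]}}}.
    Entries are keyed on the innermost open 'config' block, so the same code
    works whether the sections sit at top level or under 'config vdom'."""
    sections = {s: {} for s in WANTED}
    stack, entry = [], None
    for raw in text.splitlines():
        try:
            words = shlex.split(raw.strip())   # honours the double-quoted names
        except ValueError:
            words = raw.split()
        if not words:
            continue
        kw, inner = words[0], (stack[-1] if stack else None)
        if kw == "config":
            stack.append(" ".join(words[1:]))
        elif kw == "end" and stack:
            stack.pop()
            entry = None
        elif inner in WANTED:
            if kw == "edit" and len(words) > 1:
                entry = words[1]
                sections[inner].setdefault(entry, {})
            elif kw == "next":
                entry = None
            elif kw == "set" and entry is not None and len(words) > 1:
                sections[inner][entry][words[1]] = words[2:]
    return sections


def address_networks(addr):
    """ip_network objects for one address entry (ipmask and iprange types);
    fqdn/geography/etc. carry no prefix and yield nothing."""
    kind = addr.get("type", ["ipmask"])[0]
    if kind == "ipmask" and "subnet" in addr:
        parts = addr["subnet"]                 # "a.b.c.d mask" or "a.b.c.d/len"
        spec = parts[0] if len(parts) == 1 else f"{parts[0]}/{parts[1]}"
        return [ipaddress.ip_network(spec, strict=False)]
    if kind == "iprange" and "start-ip" in addr and "end-ip" in addr:
        return list(ipaddress.summarize_address_range(
            ipaddress.ip_address(addr["start-ip"][0]),
            ipaddress.ip_address(addr["end-ip"][0])))
    return []


def matching_objects(cfg, target, include_any=False):
    """Names of address objects overlapping target, plus every group that
    (transitively) contains one. 0.0.0.0/0 objects such as "all" match every
    query, so they are reported only when include_any is set."""
    target = ipaddress.ip_network(target, strict=False)
    hits = set()
    for name, addr in cfg["firewall address"].items():
        for net in address_networks(addr):
            if net.prefixlen == 0 and not include_any:
                continue
            if net.overlaps(target):
                hits.add(name)
    changed = True                             # groups can nest: iterate to a fixpoint
    while changed:
        changed = False
        for gname, grp in cfg["firewall addrgrp"].items():
            if gname not in hits and set(grp.get("member", [])) & hits:
                hits.add(gname)
                changed = True
    return hits


def policies_for(text, target, include_any=False):
    """Sorted (policy_id, field, object_name) for every policy whose srcaddr or
    dstaddr names an object (or group) that covers target."""
    cfg = parse_fortios(text)
    hits = matching_objects(cfg, target, include_any)
    found = []
    for pid, pol in cfg["firewall policy"].items():
        for field in ("srcaddr", "dstaddr"):
            found += [(int(pid), field, o) for o in pol.get(field, []) if o in hits]
    return sorted(found)


if __name__ == "__main__":
    # usage: python fgsearch.py [backup.conf] [prefix]   (defaults: sample, 10.1.2.0/24)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for pid, field, obj in policies_for(text, sys.argv[2] if len(sys.argv) > 2 else "10.1.2.0/24"):
        print(f"policy {pid}: {field} -> {obj}")
```

Run it against the sample and 10.1.2.0/24 and it reports policy 1 (via the nested group `Everything-Internal` > `Internal-Nets` > `LAN-10.1.2.0`) and policy 2 (destination `Host-10.1.2.50`), while policy 3 is left out because it references neither the prefix nor a group containing it. Pass `include_any=True` to also see the policies that reach the prefix only through `all`, which is usually the larger and more interesting list on an inherited box. Objects the parser cannot turn into a prefix (FQDN, geography, interface-subnet) are skipped silently, so a name you expected to see missing from the output is worth a manual look.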